<?php
include "includes/params.php";
include $err_strings; 

$con = oci_pconnect($username, $password, $database);
if ($con){       
  
  $userlogin = $_POST['login'];         
  $userpass = $_POST['password'];
  
  $countresult = oci_parse($con, "Select count(*) cnt From user_list ul Where ul.user_login = :aLogin and ul.user_pass = :aPass");
  oci_bind_by_name($countresult, ":aLogin", $userlogin);
  oci_bind_by_name($countresult, ":aPass", $userpass);
  oci_execute($countresult);

  $CntRow = oci_fetch_array($countresult, OCI_ASSOC);   
  if ($CntRow['CNT'] == 1) {   
    // save login params to session
    $userparam = oci_parse($con, "Select ul.user_consid, nvl(ul.user_issuperuser, 0) user_issuperuser From user_list ul Where ul.user_login = :aLogin and ul.user_pass = :aPass");
    oci_bind_by_name($userparam, ":aLogin", $userlogin);
    oci_bind_by_name($userparam, ":aPass", $userpass);
    oci_execute($userparam);

    $UserParamRow = oci_fetch_array($userparam, OCI_ASSOC); 
    
    session_start(); 
    $_SESSION['login'] = $userlogin; 
    $_SESSION['password'] = $userpass; 
    $_SESSION['user_consid'] = $UserParamRow['USER_CONSID'];  
    $_SESSION['user_issupperuser'] = $UserParamRow['USER_ISSUPERUSER'];  
    
    // free
    oci_free_statement($userparam);  
    
    print "true"; 
  } else {
    print $sm_login_error;
  }
  // clear 
  oci_free_statement($countresult);
  // logoff
  oci_close($con);
}
else{
  // could't connect, show login form
  $m = oci_error();
  print $m["message"];
}
?>